umask: enable group write perms, prevent other (rwx) perms.
parent
b446c98518
commit
2e192aef1b
@ -3,6 +3,10 @@ const testing = std.testing;
|
|||||||
const net = std.net;
|
const net = std.net;
|
||||||
const os = std.os;
|
const os = std.os;
|
||||||
const fmt = std.fmt;
|
const fmt = std.fmt;
|
||||||
|
const c = std.c;
|
||||||
|
|
||||||
|
// TODO: to remove once PR https://github.com/ziglang/zig/pull/14639 is accepted.
|
||||||
|
pub extern "c" fn umask(mode: c.mode_t) c.mode_t;
|
||||||
|
|
||||||
const log = std.log.scoped(.libipc_context);
|
const log = std.log.scoped(.libipc_context);
|
||||||
|
|
||||||
@ -228,6 +232,11 @@ pub const Context = struct {
|
|||||||
var fbs = std.io.fixedBufferStream(&buffer);
|
var fbs = std.io.fixedBufferStream(&buffer);
|
||||||
var writer = fbs.writer();
|
var writer = fbs.writer();
|
||||||
|
|
||||||
|
// Allow to create a unix socket with the right permissions.
|
||||||
|
// Group should include write permissions.
|
||||||
|
var previous_mask = umask(0o117);
|
||||||
|
defer _ = umask(previous_mask);
|
||||||
|
|
||||||
try self.server_path(service_name, writer);
|
try self.server_path(service_name, writer);
|
||||||
var path = fbs.getWritten();
|
var path = fbs.getWritten();
|
||||||
|
|
||||||
@ -239,6 +248,7 @@ pub const Context = struct {
|
|||||||
// Store the path in the Connection structure, so the UNIX socket file can be removed later.
|
// Store the path in the Connection structure, so the UNIX socket file can be removed later.
|
||||||
var newcon = Connection.init(Connection.Type.SERVER, try self.allocator.dupeZ(u8, path));
|
var newcon = Connection.init(Connection.Type.SERVER, try self.allocator.dupeZ(u8, path));
|
||||||
try self.add_(newcon, newfd);
|
try self.add_(newcon, newfd);
|
||||||
|
|
||||||
return server;
|
return server;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -561,14 +571,14 @@ const CommunicationTestThread = struct {
|
|||||||
defer _ = gpa.deinit();
|
defer _ = gpa.deinit();
|
||||||
const allocator = gpa.allocator();
|
const allocator = gpa.allocator();
|
||||||
|
|
||||||
var c = try Context.init(allocator);
|
var ctx = try Context.init(allocator);
|
||||||
defer c.deinit(); // There. Can't leak. Isn't Zig wonderful?
|
defer ctx.deinit(); // There. Can't leak. Isn't Zig wonderful?
|
||||||
|
|
||||||
var buffer: [1000]u8 = undefined;
|
var buffer: [1000]u8 = undefined;
|
||||||
var fbs = std.io.fixedBufferStream(&buffer);
|
var fbs = std.io.fixedBufferStream(&buffer);
|
||||||
var writer = fbs.writer();
|
var writer = fbs.writer();
|
||||||
|
|
||||||
try c.server_path("simple-context-test", writer);
|
try ctx.server_path("simple-context-test", writer);
|
||||||
var path = fbs.getWritten();
|
var path = fbs.getWritten();
|
||||||
const socket = try net.connectUnixSocket(path);
|
const socket = try net.connectUnixSocket(path);
|
||||||
defer socket.close();
|
defer socket.close();
|
||||||
@ -583,17 +593,17 @@ test "Context - creation, display and memory check" {
|
|||||||
|
|
||||||
const allocator = gpa.allocator();
|
const allocator = gpa.allocator();
|
||||||
|
|
||||||
var c = try Context.init(allocator);
|
var ctx = try Context.init(allocator);
|
||||||
defer c.deinit(); // There. Can't leak. Isn't Zig wonderful?
|
defer ctx.deinit(); // There. Can't leak. Isn't Zig wonderful?
|
||||||
|
|
||||||
var buffer: [1000]u8 = undefined;
|
var buffer: [1000]u8 = undefined;
|
||||||
var fbs = std.io.fixedBufferStream(&buffer);
|
var fbs = std.io.fixedBufferStream(&buffer);
|
||||||
var writer = fbs.writer();
|
var writer = fbs.writer();
|
||||||
try c.server_path("simple-context-test", writer);
|
try ctx.server_path("simple-context-test", writer);
|
||||||
var path = fbs.getWritten();
|
var path = fbs.getWritten();
|
||||||
|
|
||||||
// SERVER SIDE: creating a service.
|
// SERVER SIDE: creating a service.
|
||||||
var server = c.server_init("simple-context-test") catch |err| switch (err) {
|
var server = ctx.server_init("simple-context-test") catch |err| switch (err) {
|
||||||
error.FileNotFound => {
|
error.FileNotFound => {
|
||||||
log.err("cannot init server at {s}", .{path});
|
log.err("cannot init server at {s}", .{path});
|
||||||
return err;
|
return err;
|
||||||
@ -624,13 +634,13 @@ const ConnectThenSendMessageThread = struct {
|
|||||||
defer _ = gpa.deinit();
|
defer _ = gpa.deinit();
|
||||||
const allocator = gpa.allocator();
|
const allocator = gpa.allocator();
|
||||||
|
|
||||||
var c = try Context.init(allocator);
|
var ctx = try Context.init(allocator);
|
||||||
defer c.deinit(); // There. Can't leak. Isn't Zig wonderful?
|
defer ctx.deinit(); // There. Can't leak. Isn't Zig wonderful?
|
||||||
|
|
||||||
var path_buffer: [1000]u8 = undefined;
|
var path_buffer: [1000]u8 = undefined;
|
||||||
var path_fbs = std.io.fixedBufferStream(&path_buffer);
|
var path_fbs = std.io.fixedBufferStream(&path_buffer);
|
||||||
var path_writer = path_fbs.writer();
|
var path_writer = path_fbs.writer();
|
||||||
try c.server_path("simple-context-test", path_writer);
|
try ctx.server_path("simple-context-test", path_writer);
|
||||||
var path = path_fbs.getWritten();
|
var path = path_fbs.getWritten();
|
||||||
|
|
||||||
// Actual UNIX socket connection.
|
// Actual UNIX socket connection.
|
||||||
@ -658,17 +668,17 @@ test "Context - creation, echo once" {
|
|||||||
|
|
||||||
const allocator = gpa.allocator();
|
const allocator = gpa.allocator();
|
||||||
|
|
||||||
var c = try Context.init(allocator);
|
var ctx = try Context.init(allocator);
|
||||||
defer c.deinit(); // There. Can't leak. Isn't Zig wonderful?
|
defer ctx.deinit(); // There. Can't leak. Isn't Zig wonderful?
|
||||||
|
|
||||||
var buffer: [1000]u8 = undefined;
|
var buffer: [1000]u8 = undefined;
|
||||||
var fbs = std.io.fixedBufferStream(&buffer);
|
var fbs = std.io.fixedBufferStream(&buffer);
|
||||||
var writer = fbs.writer();
|
var writer = fbs.writer();
|
||||||
try c.server_path("simple-context-test", writer);
|
try ctx.server_path("simple-context-test", writer);
|
||||||
var path = fbs.getWritten();
|
var path = fbs.getWritten();
|
||||||
|
|
||||||
// SERVER SIDE: creating a service.
|
// SERVER SIDE: creating a service.
|
||||||
var server = c.server_init("simple-context-test") catch |err| switch (err) {
|
var server = ctx.server_init("simple-context-test") catch |err| switch (err) {
|
||||||
error.FileNotFound => {
|
error.FileNotFound => {
|
||||||
log.err("cannot init server at {s}", .{path});
|
log.err("cannot init server at {s}", .{path});
|
||||||
return err;
|
return err;
|
||||||
|
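Review bot: `umask()` sets the mask for the whole process, and in the `Context` hunk at -228 it is changed to `0o117` before `server_path` is even called and appears to be restored only when the function returns, so any file another thread creates in that window is also created group-writable (the `CommunicationTestThread` helper suggests this code does run alongside other threads). The enclosing function starts and ends outside the hunks and the call that actually creates the socket is not visible, but the save/restore pair should sit in a small block around only that call, written as `const previous_mask = umask(0o117);` since the value is never reassigned. The comment should also state the resulting mode, for example `// Socket is created 0660: owner and group may connect, others may not.` Permissions on a socket file are not enforced on every Unix, so the directory holding the socket should carry the same group-only restriction rather than relying on the file mode alone.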